今天用ajax在前台传递数据,为了避免数据被篡改保证安全,做了一个签名限制。
页面需要引入md5.js文件
1. 用时间戳参与签名，每次请求都重新生成
2. 按键名排序后拼接成键值对，做 MD5 摘要并转大写
JQ代码
//ajax部分
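// Gather the form fields, let getSignature() add `timestamp` and `signature`
// to the same object, and post it under the `data` key (the server reads
// $params_post['data']).
var data = {
  user_name: user_name,
  // NOTE(review): short_company_name is filled from user_name — confirm this
  // is intended rather than a copy-paste slip
  short_company_name: user_name,
  mobile: mobile,
  user_passwd: user_passwd,
  code: code,
  city_id: city_id
};
// getSignature mutates `data` and returns it; keep the explicit result rather
// than relying only on the side effect.
var signedData = getSignature(data);
$.post("/php/tijiao/", {data: signedData}, function (responseText) {
  // Named differently from the request payload so the callback does not
  // shadow `data`, which the original did.
  var result = JSON.parse(responseText);
  // resultId's type (number or string) is not visible on this page, so the
  // loose comparison is kept deliberately.
  if (result.resultId == 0) {
    // Redirect target chosen by the server.
    window.location.href = result.Data;
  }
}).fail(function (jqXHR) {
  // The original ignored transport/HTTP failures; at least record them.
  console.error('POST /php/tijiao/ failed', jqXHR.status);
});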
//封装加密
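// Stamps `data` with the current time and an MD5 "signature" of its sorted
// key=value pairs, then returns the same object (mutated in place).
//
// NOTE(review): the digest contains no secret — it is MD5 over values the
// client itself chose — so it detects accidental corruption, not deliberate
// tampering by whoever controls the browser. Integrity against that party
// needs a server-held secret (a keyed HMAC), which a public page cannot hold;
// the server must still validate every field on its own.
function getSignature(data){
  // Milliseconds since the epoch; the server-side freshness check must use
  // the same unit.
  data.timestamp = (new Date()).valueOf();
  // Sort keys so client and server serialise the pairs in the same order.
  // `this` is forwarded to ksort unchanged (the global object when this runs
  // as a plain script; undefined in strict mode, where ksort would throw).
  // `var` fixes the original's implicit globals requestJson / requestStr.
  var requestJson = ksort(this, data, '');
  // getRequestStr prefixes the first pair with '?'; drop that character.
  var requestStr = getRequestStr(requestJson).slice(1);
  // MD5 hex digest, upper-cased to match the server's strtoupper(md5(...)).
  data.signature = $.md5(requestStr).toUpperCase();
  return data;
}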
//ASCII 排序
// Port of PHP's ksort() (php.js style): returns a copy of `inputArr` whose
// own keys were inserted in sorted order. `vm` is the php.js host object
// (the caller on this page passes `this`); it is read for locale helpers and
// for the `phpjs.strictForIn` ini switch, and `vm.php_js.ini` is created on
// it when missing. `sort_flags` selects the comparator; the call on this page
// passes '' and therefore takes the default branch.
//
// Returns: with strictForIn off (the case here) the new re-keyed object; with
// it on, `inputArr` is re-keyed in place and `true` is returned instead.
//
// NOTE(review): JavaScript enumerates integer-like keys in ascending numeric
// order ahead of all other keys regardless of insertion order, so "sorted"
// only holds for non-integer keys — fine for the field names used here.
function ksort(vm, inputArr, sort_flags) {
  var tmp_arr = {},
    keys = [],
    sorter, i, k, that = vm,
    strictForIn = false,
    populateArr = {};
  switch (sort_flags) {
    case 'SORT_STRING':
      // compare items as strings via the host's strnatcmp
      sorter = function (a, b) {
        return that.strnatcmp(a, b);
      };
      break;
    case 'SORT_LOCALE_STRING':
      // compare items as strings by the current locale (set with i18n_loc_set_default() as of PHP6);
      // presumably needs the php.js i18n helpers on `vm` — none are defined on this page
      var loc = vm.i18n_loc_get_default();
      sorter = vm.php_js.i18nLocales[loc].sorting;
      break;
    case 'SORT_NUMERIC':
      // compare items numerically
      sorter = function (a, b) {
        return ((a + 0) - (b + 0));
      };
      break;
    // case 'SORT_REGULAR': // compare items normally (don't change types)
    default:
      // Default (used here): keys that round-trip through parseFloat are
      // compared as numbers and sort after all non-numeric keys; everything
      // else is compared with the plain > / < operators.
      sorter = function (a, b) {
        var aFloat = parseFloat(a),
          bFloat = parseFloat(b),
          aNumeric = aFloat + '' === a,
          bNumeric = bFloat + '' === b;
        if (aNumeric && bNumeric) {
          return aFloat > bFloat ? 1 : aFloat < bFloat ? -1 : 0;
        } else if (aNumeric && !bNumeric) {
          return 1;
        } else if (!aNumeric && bNumeric) {
          return -1;
        }
        return a > b ? 1 : a < b ? -1 : 0;
      };
      break;
  }
  // Make a list of the object's own key names
  for (k in inputArr) {
    if (inputArr.hasOwnProperty(k)) {
      keys.push(k);
    }
  }
  keys.sort(sorter);
  // BEGIN REDUNDANT — make sure the ini table exists on the host object
  // (this mutates `vm`, and throws if the caller passed undefined as `this`)
  vm.php_js = vm.php_js || {};
  vm.php_js.ini = vm.php_js.ini || {};
  // END REDUNDANT
  // strictForIn is on only when the ini entry exists, has a local_value, and that value is not 'off'
  strictForIn = vm.php_js.ini['phpjs.strictForIn'] && vm.php_js.ini['phpjs.strictForIn'].local_value && vm.php_js
    .ini['phpjs.strictForIn'].local_value !== 'off';
  // In strict mode the input object itself is rebuilt; otherwise a fresh object is filled
  populateArr = strictForIn ? inputArr : populateArr;
  // Rebuild array with sorted key names (in strict mode the originals are deleted
  // first so that re-insertion below defines the new order)
  for (i = 0; i < keys.length; i++) {
    k = keys[i];
    tmp_arr[k] = inputArr[k];
    if (strictForIn) {
      delete inputArr[k];
    }
  }
  for (i in tmp_arr) {
    if (tmp_arr.hasOwnProperty(i)) {
      populateArr[i] = tmp_arr[i];
    }
  }
  // `true` when sorted in place (strict mode), otherwise the new sorted object
  return strictForIn || populateArr;
}
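// Serialises `obj` as ?k1=v1&k2=v2... in the object's enumeration order,
// skipping the pairs the server-side check skips too. The leading '?' is
// stripped by the caller (getSignature).
//
// Fix: the server drops a pair when PHP's empty($value) is true, which also
// holds for the string "0". The original `if (value)` kept "0", so a field
// holding "0" made the client and server digests disagree.
function getRequestStr(obj) {
  // Mirrors PHP empty(): null/undefined, false, 0, '', '0' and an empty array.
  function isEmptyForSignature(value) {
    return value === undefined || value === null || value === false ||
      value === 0 || value === '' || value === '0' ||
      (Array.isArray(value) && value.length === 0);
  }
  var str = '';
  // Plain for-in with no own-property filter — the same enumeration jQuery's
  // $.each performs for a non-array object, so key order is unchanged.
  for (var key in obj) {
    var value = obj[key];
    if (isEmptyForSignature(value)) {
      continue;
    }
    // Raw concatenation, no URL-encoding: the server hashes the raw values,
    // so encoding here would change the digest.
    str += (str ? '&' : '?') + key + '=' + value;
  }
  return str;
}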
PHP后台处理
/**
 * Handles the client's POST: the form fields arrive nested under `data`
 * (the page's $.post sends {data: data}) and are accepted only when their
 * signature verifies. Nothing is done with them yet.
 */
public function tijiaoAction(){
    $params = $this->getRequest()->getPost();
    $post_data = $params['data'];
    // Anti-abuse gate: stop on a bad or stale signature.
    if (!$this->checkSignature($post_data)) {
        return;
    }
    // Signature verified: handling of the submission goes here.
}
//验证方式
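/**
 * Recomputes the client's signature over the posted fields and checks it,
 * together with a 60-second freshness window on `timestamp`.
 *
 * NOTE(review): the digest is plain MD5 over client-chosen values with no
 * server-side secret, so any sender able to run the page's JavaScript can
 * produce a valid one. It catches accidental corruption only; tamper
 * resistance needs a keyed digest (hash_hmac with a secret the client never
 * sees) or, more simply, server-side validation of every field.
 *
 * @param array|null $data the posted `data` array; any other type is rejected
 * @return bool true when the signature matches and the timestamp is fresh
 */
private function checkSignature($data){
    if(!is_array($data) || !isset($data['signature'], $data['timestamp'])){
        return false;
    }
    // Serialise in key order, as the client does via ksort().
    ksort($data);
    // The client sends Date.valueOf(), i.e. milliseconds since the epoch, while
    // time() is seconds. The original subtracted one from the other, which was
    // always hugely negative and so never rejected anything; compare in ms.
    // abs() tolerates small clock skew in either direction.
    if(abs(time() * 1000 - (int)$data['timestamp']) > 60 * 1000){
        return false;
    }
    $requestStr = '';
    foreach ($data as $key => $value){
        // Empty values are dropped on both sides, so the client may omit a
        // field. in_array() is strict so an integer key is never treated as
        // equal to one of these names.
        if(!in_array($key, ['s_log_time', 'signature', 'request_url'], true) && !empty($value)){
            $requestStr .= ($requestStr === '') ? $key.'='.$value : '&'.$key.'='.$value;
        }
    }
    $expected = strtoupper(md5($requestStr));
    // hash_equals(): strict string comparison in constant time. The original
    // `!=` is loose, and two numeric-looking hex strings such as "0E12" and
    // "0E34" compare equal under it.
    return hash_equals($expected, (string)$data['signature']);
}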